COMODO Cleaning Essentials ( Wishlist )

[morphiusz]

Ooohh, crap, you' re right.

[jovan111p]

When you click twice one a process and go to "Verdict" you will see DACS results, CAMAS results and other.

Why I have blank page in this case ( I click in KillSwitch)?

[lordraiden]

Why I have blank page in this case ( I click in KillSwitch)?

Only the unknown files are sent to DACS.

[salaficall]

A % showing the progress of the files being uploaded would be nice.
Also CCE should have an option to scan and detect all the unknown files in my computer with a dangerous extension and upload them to DACS, so I will not need to left open KillSwitch all the time to upload the programs that I also have to left opened and everything will be done with 1 scan.

+1000

[Melih]

+1000

doesn't that how killswitch work at the moment?

all the unknown files are automatically checked...

am i missing something?

[Arkose]

I would like to see improved portability. In the current beta CCE saves its settings in the registry while KillSwitch uses the user profile; CCE also leaves some DACS logs in the user profile (tested on XP SP3). The end result is that it's currently impossible to preconfigure either product in preparation for using it on other systems.

[Chiron]

No files, or registry entries, should be removed without user interaction.

[Valentin N]

As I said in the usability study group I would like to CCE to supoort multi core cpu and that CCE has cpu management where you can select the amount cpu cores and how much of the cpu it should use; you will be able to scan without slow down. I have seen that it uses 50% which is okey; cmdagent uses more.

Regards,
            Valentin N

[salaficall]

doesn't that how killswitch work at the moment?

all the unknown files are automatically checked...

am i missing something?

hello Melih

we are talking about the full scan option in CCE , we want all the unknown files on the hard drive to be checked by DACS or at least all the suspicious files on the hard dirve  , not only the active processes.

have a look here plz ..

https://forums.comodo.com/comodo-cleaning-essentials-cce-killswitch/comodo-cleaning-essentials-1117429427-beta-ready-t66867.0.html;msg471149#msg471149

[Budda]

In CCE, if the antivirus portion that downloads the database scanner file  is the same engine and database as Comodo Antivirus, then have a function that simply copies/pastes the database file from CAV to CCE if it detects CAV is installed on the users computer.

I can't understand why I am downloading the same db twice on my computer if it is the same thing.

[Chiron]

How about also offering to scan the files with ThreatExpert and Anubis?

Also, for the behavioral analyzers it would be useful, for advanced users, if you could provide links to the results.

[Whoop-dee-doo]

 I thought I would share these wishes with all forum members (they were originally posted in the usability forum, which is accessible only to users with special privileges).

Auto suspend
How about an option for Killswitch to automatically suspend any newly launched process that is unknown, suspicious, or malicious?. If you have this option, it may be helpful in two scenarios:

1) Have a small installer that can install a special "lock-up rescue" version of killswitch. This installer would early-load killswitch on start-up (using a random filename), but this version of killswitch will automatically "suspend all unsafe objects" when it starts.  When an infected system is too bogged down by malware, trying to run killswitch in its current configuration is often impossible.

2) Running Killswitch in background. If you have malware that keeps re-launching new processes, Killswitch will automatically suspend the processes and not let them lock up the machine. This would be most useful for zero-day malware for which there is no signature (so verdict from comodo, other AV vendors, and CAMAS may be unknown).

When the Internet Connection is disabled
 Provide a method to download the latest AV database and white list for CCE. If malware disables the internet connection, then CCE and killswitch cannot access DACS, CAMAS, the cloud, and updates. In this case, you need to download the most up-to-date information from another computer, and transfer the files to the infected computer.

Eliminate traces
Also, it would be nice if CCE eliminated malware "traces". I know the most important issue is getting rid of active or potentially active malware ("acid" cleaning), but getting rid of traces is a nice way to add a "polished shine" on what you've just cleaned.

Tools That Fix system settings
Add tools to scan for and correct system changes made by malware (e.g. deactivation of task manager, home page hijack, disable control panel, etc.). Maybe you can build these into the standard scan.

[arjunpa]

I thought I would share these wishes with all forum members (they were originally posted in the usability forum, which is accessible only to users with special privileges).

Auto suspend
How about an option for Killswitch to automatically suspend any newly launched process that is unknown, suspicious, or malicious?. If you have this option, it may be helpful in two scenarios:

1) Have a small installer that can install a special "lock-up rescue" version of killswitch. This installer would early-load killswitch on start-up (using a random filename), but this version of killswitch will automatically "suspend all unsafe objects" when it starts.  When an infected system is too bogged down by malware, trying to run killswitch in its current configuration is often impossible.

2) Running Killswitch in background. If you have malware that keeps re-launching new processes, Killswitch will automatically suspend the processes and not let them lock up the machine. This would be most useful for zero-day malware for which there is no signature (so verdict from comodo, other AV vendors, and CAMAS may be unknown).

When the Internet Connection is disabled
 Provide a method to download the latest AV database and white list for CCE. If malware disables the internet connection, then CCE and killswitch cannot access DACS, CAMAS, the cloud, and updates. In this case, you need to download the most up-to-date information from another computer, and transfer the files to the infected computer.

Eliminate traces
Also, it would be nice if CCE eliminated malware "traces". I know the most important issue is getting rid of active or potentially active malware ("acid" cleaning), but getting rid of traces is a nice way to add a "polished shine" on what you've just cleaned.

Tools That Fix system settings
Add tools to scan for and correct system changes made by malware (e.g. deactivation of task manager, home page hijack, disable control panel, etc.). Maybe you can build these into the standard scan.

+1000

[Whoop-dee-doo]

How about also offering to scan the files with ThreatExpert and Anubis?

+1

Also, for the behavioral analyzers it would be useful, for advanced users, if you could provide links to the results.

Yes, especially the CIMA results.

Color Coding in Killswitch
The colors currently do not reflect the verdict (which is the most important piece of information). The color should be based primarily on verdict (i.e. this characteristic takes priority when color coding is displayed). - See attached pic.
  Safe = white (or perhaps green instead)
  Unknown = yellow
  Suspicious = light red
  Malicious = red

Other criteria (such as CPU usage), should use other colors (such as orange, navy blue, light blue, brown, purple, light purple).
Grey would still show which object is selected.

This would draw attention directly to the worrisome objects.

[attachment deleted by admin]

[Whoop-dee-doo]

This concept by elliotcroft may be an interesting addition to Killswitch.

Elliotcroft suggests a "process tracking" feature that logs the activities of a process. The user would designate which process he wishes to track, and then Killswitch will create a log for that process.  The tracker may help with debugging and with malware research.

Elliotcroft also proposes a rollback (or "undo") feature. If a process is malicious or causing crashes/freezes, the user can undo all the activities created by the process (it should probably also terminate the main process and all the processes it spawned). Kind of like Time Machine for processes.